Crypto Sector Sees 52.1% Drop in Q2 Losses Despite $801.3M in Breaches

In the second quarter of 2025, the cryptocurrency and Web3 sectors faced a significant number of security breaches, resulting in a total loss of $801.3 million across 144 separate incidents. This figure represents a 52.1% decrease in value lost compared to the previous quarter, with the number of incidents also dropping by 59. Despite these improvements, the adjusted losses for the quarter, after accounting for $181 million in recovered funds, still amounted to $620.4 million. The average loss per incident was $4.3 million, while the median loss was around $104,000.

Phishing attacks were the most damaging, with $395 million stolen across 52 incidents. Code vulnerabilities followed, resulting in $235.8 million in losses across 47 incidents. Ethereum was particularly hard hit, with 70 incidents leading to $65.4 million in losses. This network has been a frequent target, with 175 incidents recorded in the first half of 2025, resulting in $1.63 billion in losses. The average loss per incident for the first half of the year was $7.13 million, with a median loss of $89,026.

The broader security trend may not be as severe as the raw figures suggest. Two major incidents—the Bybit hack and the Cetus Protocol breach—accounted for around $1.78 billion of the year's losses. The Bybit hack, attributed to North Korea's Lazarus Group, involved exploiting the exchange's cold wallet infrastructure, resulting in the theft of over $1.5 billion in Ether. The Cetus Protocol breach, on the other hand, was due to an overflow check within the project's liquidity calculation function, leading to $225 million in losses. Without these two incidents, the total losses for the year would have been $690 million, indicating a more stable security environment.

Overall, the first half of 2025 saw total losses of $2.47 billion across 344 incidents. Wallet compromises were the costliest, accounting for $1.71 billion in losses across 34 incidents. Phishing remained the most frequent attack type, with $410.7 million stolen across 132 incidents. These figures highlight the ongoing challenges in securing the cryptocurrency ecosystem, despite some improvements in the second quarter.

Social engineering scams, which target user behavior rather than technological flaws, are on the rise. These attacks, such as address poisoning, are becoming more prevalent as hackers shift their focus from exploiting code vulnerabilities to manipulating user trust. This trend underscores the need for enhanced user education and robust security tools to mitigate these evolving threats.

In addition to phishing and code vulnerabilities, interoperability issues have also been identified as a significant risk. Cross-chain breaches, which exploit vulnerabilities in the interaction between different blockchain networks, resulted in $435 million in damages across 39 incidents in 2024. This highlights the dangers posed by decentralized finance (DeFi) and centralized exchanges, which are increasingly interconnected and reliant on secure interoperability.

Regulatory shifts offer some hope for improving security in the cryptocurrency sector. In the first quarter of 2025, the U.S. formed a Strategic Cryptocurrency Reserve aimed at storing digital assets. The SEC also established a Crypto Task Force to provide more proactive guidelines, moving away from a purely enforcement-based approach. These measures indicate growing institutional interest and a recognition of the importance of security as the adoption of cryptocurrencies continues to grow.